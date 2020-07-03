Cyber Alert – 03 July 2020
|Heat – Trending Malware and Threat Actors
|Name
|Heat 1
|Heat 7
|Vol 1
|Vol 7
|APT15
|10
|15
|WastedLocker
|11
|47
|Alina Malware
|5
|10
|EvilQuest
|8
|65
|Stuxnet
|4
|6
|SNAKE Ransomware
|7
|13
|Evil Corp
|5
|22
|GoldenSpy
|5
|30
|Trickbot Malware
|9
|26
|NanoCore RAT
|3
|3
|Data Breaches
Facebook exposed user data to app developers
|Dinosn – Twitter – Jul 02 2020 18:44
|Facebook exposed user data to app developers https://www.hackread.com/facebook-exposed-user-data-to-app-developers/
|NY Employment Nonprofit Client Data Potentially Exposed
|DataBreaches.net – Jul 03 2020 00:55
|Rick Moriarity reports: A data breach at CNY Works may have exposed the names and Social Security numbers of 56,000 people who have used the nonprofit agency’s services to find jobs. Clients potentially impacted by the breach began receiving letters…
|Facebook discloses it exposed inactive user data to developers
|SiliconANGLE – Jul 03 2020 00:34
|Facebook Inc. has revealed that it exposed inactive user data to developers in yet another potential data-sharing scandal for the social media giant. The new incident involves approximately 5,000 app developers having access to user data if the users…
|Facebook exposed user data to thousands of app developers
|HackRead – Jul 02 2020 18:41
|By Zara Khan Facebook 'Privacy Matters' reveals 5000 app developers accessed user data. This is a post from HackRead.com Read the original post: …
|Hacker Groups
|Studying an ‘Invisible God’ Hacker: Could You Stop ‘Fxmsp’?
|CERT-EU – Latest Articles Ongoing Threats – RSS – Jul 02 2020 15:07
|Slogan used to sell remote access credentials stolen by Fxmsp, overlaid on a map of victims' locations (Source: Group-IB) Could your organization withstand an attack by the master hacking operation known as "Fxmsp," which promised to help criminals…
|Malware
|WastedLocker Ransomware Targets US Newspaper Company
|BankInfoSecurity – Jul 02 2020 16:14
|Symantec: Phishing Emails Offered Fake Software…
How Do You Get Ransomware? You must have known enough that ransomware has emerged as the most prevalent malicious software that kidnaps your data, locks your file, and denies access to your computer.
|InfoSecHotSpot – Twitter – Jul 02 2020 17:28
|How Do You Get Ransomware? You must have known enough that ransomware has emerged as the most prevalent malicious software that kidnaps your data, locks your file, and denies access to your computer. All this… The post How Do You Get Ransomware?…
This week, Avaddon ransomware became the latest malware to use malicious Excel 4.0 macros in campaigns. Emails carrying the malicious Excel attachments were sent to specific targets, primarily in Italy.
|JRoosen – Twitter – Jul 03 2020 00:20
|RT @MsftSecIntel: This week, Avaddon ransomware became the latest malware to use malicious Excel 4.0 macros in campaigns. Emails carrying the malicious Excel attachments were sent to specific targets, primarily in Italy. When run, the malicious macro…
New EvilQuest macOS ransomware is a smokescreen for other threats A new piece of ransomware dubbed EvilQuest is being delivered bundled up with pirated versions of popular macOS software.
|InfoSecHotSpot – Twitter – Jul 02 2020 16:28
|New EvilQuest macOS ransomware is a smokescreen for other threats A new piece of ransomware dubbed EvilQuest is being delivered bundled up with pirated versions of popular macOS software, researchers warned. But the ransomware is also a smokescreen,…
|Vulnerabilities
Microsoft fixes two RCE flaws affecting Windows 10 machines Microsoft has released fixes for two remote code execution (RCE) vulnerabilities in the Microsoft Windows Codecs Library on Windows 10 machines.
|InfoSecHotSpot – Twitter – Jul 02 2020 15:58
|Microsoft fixes two RCE flaws affecting Windows 10 machines Microsoft has released fixes for two remote code execution (RCE) vulnerabilities in the Microsoft Windows Codecs Library on Windows 10 machines. The vulnerabilities Both flaws –…
|NA – CVE-2020-2215 – A cross-site request forgery vulnerability in…
|CERT-EU VulnerabilitiesApplications – Jul 02 2020 19:55
|A cross-site request forgery vulnerability in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified username and password.
|Vulnerability management explained
|CERT-EU VulnerabilitiesApplications – Jul 02 2020 13:20
|What is vulnerability management? Every year, thousands of new vulnerabilities are discovered, requiring organizations to patch operating systems (OS) and applications and reconfigure security settings throughout the entirety of their network…
|NA – CVE-2020-5909 – In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and…
|CERT-EU VulnerabilitiesApplications – Jul 02 2020 16:55
|In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified. COMPANY. Security-Database help your corporation…
